Tue, 21 Dec 2004

Security holes that run deep

A fine little essay from Mark Burnett about the real problems with Windows security. Here's a teaser:

This obviously isn't just a Microsoft problem, we could all certainly learn from this lesson. But that doesn't mean Microsoft can't take the lead in tackling this problem. Whether you are talking about politics or programming, the concept is the same: follow best practices.

Best practices: making sure that "all i's are dotted and all t's are crossed" takes time and attention to detail. More importantly, it takes experience - especially by those doing peer reviews on their colleagues' code. I would hope that Microsoft's quality control processes include peer reviews, but one never knows.

This is a basic reason that open source is more secure: more peer reviews, or more "eyeballs" as the OSS community prefers to call it.

How a simple bug betrays Microsoft's disdain for basic best practice principles

(link) [The Register]
